David B (5/24/2009): and apparently is considered insecure (MSDN Link) along with the other MD hashes. SHA is apparently the way to go instead.

Of course I don't really play in that space so can't comment as to the validity of those assertions. Any security experts care to comment?

I'm not a security expert but I am enough of a nerd to have enjoyed studying cryptography.

There are a couple of SHA versions out there, and the NSA has a contest on to decide on the next generation of SHA (NIST).

The MD family isn't really secure anymore and neither is SHA-1, but they range on a sliding scale of "script kiddies love it" to "just don't store national secrets". Since secure from a cryptographer's viewpoint involves an attacker with the full resources of a large multi-national corporation or major national government, I've never lost sleep over using MD5 or SHA-1 in my less than top secret applications.

Of course no hash algorithm in the world will protect from the user whose password is password.

The cryptoAPI name for the MD2 hash algorithm is not MD2, but CALG_MD2 (http://msdn.microsoft.com/en-us/library/ms904264.aspx). So MD2 is NOT the cryptoAPI name for MD2 - the "correct" answer is wrong (that didn't stop me, or probably anyone else, from ticking it though) unless of course the wrong question has been provided.

MD2 is actually the SQL Server HASHBYTES name for MD2, not the CryptoAPI name.
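To make the naming point above concrete, here is an added T-SQL example (not from any poster in this thread) that runs HASHBYTES with the SQL Server algorithm names and with the CryptoAPI constant name, so the difference is visible in the result set. It assumes SQL Server 2008-era behaviour, where HASHBYTES returns NULL for an algorithm name it does not recognise, and the sample input string is constructed for the demonstration.

```sql
-- Constructed sample input; varchar so the bytes hashed are single-byte ASCII
DECLARE @input varchar(32) = 'sample input';

-- Each row: the name passed to HASHBYTES, the digest (NULL = name not accepted),
-- and the digest length in bytes (16 for the MD family, 20 for SHA-1)
SELECT  names.algorithm_name,
        HASHBYTES(names.algorithm_name, @input)                  AS digest,
        DATALENGTH(HASHBYTES(names.algorithm_name, @input))      AS digest_bytes
FROM (VALUES
        ('MD2'),        -- SQL Server name: accepted
        ('MD5'),        -- SQL Server name: accepted
        ('SHA1'),       -- SQL Server name: accepted
        ('CALG_MD2')    -- CryptoAPI constant name: not accepted by HASHBYTES (NULL)
     ) AS names(algorithm_name);
```

The NULL row is the practical check: an unrecognised algorithm name does not raise an error, so any code that hashes with a misspelled or CryptoAPI-style name silently stores NULL instead of a digest.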